routing revision 77992
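#!/bin/sh -
#
# Copyright (c) 1993 The FreeBSD Project
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
# $FreeBSD: head/etc/rc.d/routing 77992 2001-06-10 16:21:56Z brian $
# From: @(#)netstart 5.9 (Berkeley) 3/30/91
#

# Note that almost all of the user-configurable behavior is no longer in
# this file, but rather in /etc/defaults/rc.conf. Please check that file
# first before contemplating any changes here. If you do need to change
# this file for some reason, we would like to know about it.

# Trust model (applies to every function below): all ${..._enable},
# ${..._flags}, ${..._program} and per-interface variables are read from
# the caller's environment and are expanded unquoted on purpose so that a
# flags string splits into separate arguments.  Several of them are also
# passed through `eval` or sourced as scripts.  Whoever can write the
# files these variables come from can therefore run arbitrary commands
# with the privileges of this script.

# First pass startup stuff.
#
# network_pass1: host name, packet filters (ipfilter/ipnat, ipfw/natd),
# interface configuration, user ppp, static routes, routing sysctls,
# IPsec policy and routing daemons.  Sets network_pass1_done=YES at the end.
#
network_pass1() {
	echo -n 'Doing initial network setup:'

	# Convert host.conf to nsswitch.conf if necessary
	if [ -f "/etc/host.conf" ]; then
		echo ''
		echo 'Warning: /etc/host.conf is no longer used'
		if [ -f "/etc/nsswitch.conf" ]; then
			echo ' /etc/nsswitch.conf will be used instead'
		else
			echo ' /etc/nsswitch.conf will be created for you'
			convert_host_conf /etc/host.conf /etc/nsswitch.conf
		fi
	fi

	# Set the host name if it is not already set
	#
	if [ -z "`hostname -s`" ]; then
		hostname ${hostname}
		echo -n ' hostname'
	fi

	# Establish ipfilter ruleset as early as possible (best in
	# addition to IPFILTER_DEFAULT_BLOCK in the kernel config file)
	#
	# If the rules file is missing or unreadable the filter is switched
	# off (ipfilter_enable="NO") and boot continues with only a console
	# notice, so without a default-block kernel this path fails open.
	#
	case "${ipfilter_enable}" in
	[Yy][Ee][Ss])
		if [ -r "${ipfilter_rules}" ]; then
			echo -n ' ipfilter'
			${ipfilter_program:-/sbin/ipf -Fa -f} \
			    "${ipfilter_rules}" ${ipfilter_flags}
			case "${ipmon_enable}" in
			[Yy][Ee][Ss])
				echo -n ' ipmon'
				${ipmon_program:-/sbin/ipmon} ${ipmon_flags}
				;;
			esac
			case "${ipnat_enable}" in
			[Yy][Ee][Ss])
				if [ -r "${ipnat_rules}" ]; then
					echo -n ' ipnat'
					# NOTE(review): unlike the ipf call
					# above this goes through eval, so the
					# rules path and flags are parsed a
					# second time by the shell.
					eval ${ipnat_program:-/sbin/ipnat -CF -f} \
					    "${ipnat_rules}" ${ipnat_flags}
				else
					echo -n ' NO IPNAT RULES'
				fi
				;;
			esac
		else
			ipfilter_enable="NO"
			echo -n ' NO IPF RULES'
		fi
		;;
	esac

	# Set the domainname if we're using NIS
	#
	case ${nisdomainname} in
	[Nn][Oo] | '')
		;;
	*)
		domainname ${nisdomainname}
		echo -n ' domain'
		;;
	esac

	echo '.'

	# Initial ATM interface configuration
	#
	case ${atm_enable} in
	[Yy][Ee][Ss])
		if [ -r /etc/rc.atm ]; then
			. /etc/rc.atm
			atm_pass1
		fi
		;;
	esac

	# Special options for sppp(4) interfaces go here. These need
	# to go _before_ the general ifconfig section, since in the case
	# of hardwired (no link1 flag) but required authentication, you
	# cannot pass auth parameters down to the already running interface.
	#
	for ifn in ${sppp_interfaces}; do
		eval spppcontrol_args=\$spppconfig_${ifn}
		if [ -n "${spppcontrol_args}" ]; then
			# The auth secrets might contain spaces; in order
			# to retain the quotation, we need to eval them
			# here.  The eval also executes any other shell
			# syntax present in spppconfig_<ifn>, and the
			# secrets end up on spppcontrol's command line.
			eval spppcontrol ${ifn} ${spppcontrol_args}
		fi
	done

	# gifconfig
	network_gif_setup

	# Set up all the network interfaces, calling startup scripts if needed
	#
	case ${network_interfaces} in
	[Aa][Uu][Tt][Oo])
		network_interfaces="`ifconfig -l`"
		;;
	esac

	dhcp_interfaces=""
	for ifn in ${network_interfaces}; do
		# A readable /etc/start_if.<ifn> is sourced into this shell,
		# i.e. it runs with the same privileges as this script.
		if [ -r /etc/start_if.${ifn} ]; then
			. /etc/start_if.${ifn}
			eval showstat_$ifn=1
		fi

		# Do the primary ifconfig if specified
		#
		eval ifconfig_args=\$ifconfig_${ifn}

		case ${ifconfig_args} in
		'')
			;;
		[Dd][Hh][Cc][Pp])
			# DHCP inits are done all in one go below
			dhcp_interfaces="$dhcp_interfaces $ifn"
			eval showstat_$ifn=1
			;;
		*)
			ifconfig ${ifn} ${ifconfig_args}
			eval showstat_$ifn=1
			;;
		esac
	done

	if [ -n "${dhcp_interfaces}" ]; then
		${dhcp_program:-/sbin/dhclient} ${dhcp_flags} ${dhcp_interfaces}
	fi

	for ifn in ${network_interfaces}; do
		# Check to see if aliases need to be added
		#
		alias=0
		while : ; do
			eval ifconfig_args=\$ifconfig_${ifn}_alias${alias}
			if [ -n "${ifconfig_args}" ]; then
				ifconfig ${ifn} ${ifconfig_args} alias
				eval showstat_$ifn=1
				alias=`expr ${alias} + 1`
			else
				break
			fi
		done

		# Do ipx address if specified
		#
		eval ifconfig_args=\$ifconfig_${ifn}_ipx
		if [ -n "${ifconfig_args}" ]; then
			ifconfig ${ifn} ${ifconfig_args}
			eval showstat_$ifn=1
		fi
	done

	for ifn in ${network_interfaces}; do
		eval showstat=\$showstat_${ifn}
		# Quoted so that an unset flag is an ordinary empty-string
		# test instead of relying on how test(1) parses "[ ! -z ]".
		if [ -n "${showstat}" ]; then
			ifconfig ${ifn}
		fi
	done

	# ISDN subsystem startup
	#
	case ${isdn_enable} in
	[Yy][Ee][Ss])
		if [ -r /etc/rc.isdn ]; then
			. /etc/rc.isdn
		fi
		;;
	esac

	# Start user ppp if required. This must happen before natd.
	#
	case ${ppp_enable} in
	[Yy][Ee][Ss])
		# Establish ppp mode.  Only the listed modes are accepted;
		# anything else falls back to "auto", so ppp_mode itself
		# cannot add text to the command string built below.
		#
		case ${ppp_mode} in
		ddial | direct | dedicated | background)
			;;
		*)
			ppp_mode="auto"
			;;
		esac

		ppp_command="/usr/sbin/ppp -quiet -${ppp_mode}"

		# Switch on NAT mode?
		#
		case ${ppp_nat} in
		[Yy][Ee][Ss])
			ppp_command="${ppp_command} -nat"
			;;
		esac

		ppp_command="${ppp_command} ${ppp_profile}"

		# ppp_profile is not validated and becomes part of a string
		# handed to "su -c", where a shell parses it again.
		echo "Starting ppp as \"${ppp_user}\""
		su -m ${ppp_user} -c "exec ${ppp_command}"
		;;
	esac

	# Initialize IP filtering using ipfw
	#
	# The probe for in-kernel firewall support is a real "flush": any
	# rules already present are removed before the firewall script runs.
	#
	if /sbin/ipfw -q flush > /dev/null 2>&1; then
		firewall_in_kernel=1
	else
		firewall_in_kernel=0
	fi

	case ${firewall_enable} in
	[Yy][Ee][Ss])
		if [ "${firewall_in_kernel}" -eq 0 ] && kldload ipfw; then
			firewall_in_kernel=1
			echo 'Kernel firewall module loaded'
		elif [ "${firewall_in_kernel}" -eq 0 ]; then
			echo 'Warning: firewall kernel module failed to load'
		fi
		;;
	esac

	# Load the filters if required
	#
	case ${firewall_in_kernel} in
	1)
		if [ -z "${firewall_script}" ]; then
			firewall_script=/etc/rc.firewall
		fi

		case ${firewall_enable} in
		[Yy][Ee][Ss])
			if [ -r "${firewall_script}" ]; then
				. "${firewall_script}"
				echo -n 'Firewall rules loaded, starting divert daemons:'

				# Network Address Translation daemon
				#
				case ${natd_enable} in
				[Yy][Ee][Ss])
					if [ -n "${natd_interface}" ]; then
						# Dotted quad -> alias address (-a),
						# anything else -> interface name (-n).
						if echo "${natd_interface}" | \
						    grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then
							natd_ifarg="-a ${natd_interface}"
						else
							natd_ifarg="-n ${natd_interface}"
						fi

						echo -n ' natd'
						${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg}
					fi
					;;
				esac

				echo '.'

			# Script unreadable: a warning is printed only when
			# the last rule is the default deny.  With any other
			# default rule this branch is silent and no rules
			# are loaded.
			elif [ "`ipfw l 65535`" = "65535 deny ip from any to any" ]; then
				echo 'Warning: kernel has firewall functionality,' \
				     'but firewall rules are not enabled.'
				echo ' All ip services are disabled.'
			fi

			# An empty firewall_logging counts as YES.
			case ${firewall_logging} in
			[Yy][Ee][Ss] | '')
				echo 'Firewall logging=YES'
				sysctl -w net.inet.ip.fw.verbose=1 >/dev/null
				;;
			*)
				;;
			esac

			;;
		esac
		;;
	esac

	# Additional ATM interface configuration
	#
	if [ -n "${atm_pass1_done}" ]; then
		atm_pass2
	fi

	# Configure routing
	#
	case ${defaultrouter} in
	[Nn][Oo] | '')
		;;
	*)
		static_routes="default ${static_routes}"
		route_default="default ${defaultrouter}"
		;;
	esac

	# Set up any static routes. This should be done before router discovery.
	#
	if [ -n "${static_routes}" ]; then
		for i in ${static_routes}; do
			eval route_args=\$route_${i}
			route add ${route_args}
		done
	fi

	# Each knob below only ever writes the non-default value of its
	# sysctl; nothing here resets a sysctl that was changed earlier.
	echo -n 'Additional routing options:'
	case ${tcp_extensions} in
	[Yy][Ee][Ss] | '')
		;;
	*)
		echo -n ' tcp extensions=NO'
		sysctl -w net.inet.tcp.rfc1323=0 >/dev/null
		;;
	esac

	case ${icmp_bmcastecho} in
	[Yy][Ee][Ss])
		echo -n ' broadcast ping responses=YES'
		sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null
		;;
	esac

	case ${icmp_drop_redirect} in
	[Yy][Ee][Ss])
		echo -n ' ignore ICMP redirect=YES'
		sysctl -w net.inet.icmp.drop_redirect=1 >/dev/null
		;;
	esac

	case ${icmp_log_redirect} in
	[Yy][Ee][Ss])
		echo -n ' log ICMP redirect=YES'
		sysctl -w net.inet.icmp.log_redirect=1 >/dev/null
		;;
	esac

	case ${gateway_enable} in
	[Yy][Ee][Ss])
		echo -n ' IP gateway=YES'
		sysctl -w net.inet.ip.forwarding=1 >/dev/null
		;;
	esac

	case ${forward_sourceroute} in
	[Yy][Ee][Ss])
		echo -n ' do source routing=YES'
		sysctl -w net.inet.ip.sourceroute=1 >/dev/null
		;;
	esac

	case ${accept_sourceroute} in
	[Yy][Ee][Ss])
		echo -n ' accept source routing=YES'
		sysctl -w net.inet.ip.accept_sourceroute=1 >/dev/null
		;;
	esac

	case ${tcp_keepalive} in
	[Yy][Ee][Ss])
		echo -n ' TCP keepalive=YES'
		sysctl -w net.inet.tcp.always_keepalive=1 >/dev/null
		;;
	esac

	case ${tcp_drop_synfin} in
	[Yy][Ee][Ss])
		echo -n ' drop SYN+FIN packets=YES'
		sysctl -w net.inet.tcp.drop_synfin=1 >/dev/null
		;;
	esac

	case ${ipxgateway_enable} in
	[Yy][Ee][Ss])
		echo -n ' IPX gateway=YES'
		sysctl -w net.ipx.ipx.ipxforwarding=1 >/dev/null
		;;
	esac

	case ${arpproxy_all} in
	[Yy][Ee][Ss])
		echo -n ' ARP proxyall=YES'
		sysctl -w net.link.ether.inet.proxyall=1 >/dev/null
		;;
	esac

	case ${ip_portrange_first} in
	[Nn][Oo] | '')
		;;
	*)
		echo -n " ip_portrange_first=$ip_portrange_first"
		sysctl -w net.inet.ip.portrange.first=$ip_portrange_first >/dev/null
		;;
	esac

	case ${ip_portrange_last} in
	[Nn][Oo] | '')
		;;
	*)
		echo -n " ip_portrange_last=$ip_portrange_last"
		sysctl -w net.inet.ip.portrange.last=$ip_portrange_last >/dev/null
		;;
	esac

	echo '.'

	case ${ipsec_enable} in
	[Yy][Ee][Ss])
		# Quoted on purpose: with ipsec_file unset, an unquoted
		# "[ -f ]" is a one-argument test that succeeds, which
		# would report "enabled" and run setkey without a policy
		# file.
		if [ -f "${ipsec_file}" ]; then
			echo ' ipsec: enabled'
			setkey -f "${ipsec_file}"
		else
			echo ' ipsec: file not found'
		fi
		;;
	esac

	echo -n 'Routing daemons:'
	case ${router_enable} in
	[Yy][Ee][Ss])
		echo -n " ${router}"
		${router} ${router_flags}
		;;
	esac

	case ${ipxrouted_enable} in
	[Yy][Ee][Ss])
		echo -n ' IPXrouted'
		IPXrouted ${ipxrouted_flags} > /dev/null 2>&1
		;;
	esac

	case ${mrouted_enable} in
	[Yy][Ee][Ss])
		echo -n ' mrouted'
		mrouted ${mrouted_flags}
		;;
	esac

	case ${rarpd_enable} in
	[Yy][Ee][Ss])
		echo -n ' rarpd'
		rarpd ${rarpd_flags}
		;;
	esac
	echo '.'

	# Let future generations know we made it.
	#
	network_pass1_done=YES
}

# Second pass: name service, time synchronisation and the RPC/NIS
# daemons.  Everything NIS- or Secure-RPC-related is started only when
# portmap_enable is YES.  Sets network_pass2_done=YES at the end.
#
network_pass2() {
	echo -n 'Doing additional network setup:'
	case ${named_enable} in
	[Yy][Ee][Ss])
		echo -n ' named'
		${named_program:-named} ${named_flags}
		;;
	esac

	case ${ntpdate_enable} in
	[Yy][Ee][Ss])
		echo -n ' ntpdate'
		${ntpdate_program:-ntpdate} ${ntpdate_flags} >/dev/null 2>&1
		;;
	esac

	case ${xntpd_enable} in
	[Yy][Ee][Ss])
		echo -n ' ntpd'
		${xntpd_program:-ntpd} ${xntpd_flags}
		;;
	esac

	case ${timed_enable} in
	[Yy][Ee][Ss])
		echo -n ' timed'
		timed ${timed_flags}
		;;
	esac

	case ${portmap_enable} in
	[Yy][Ee][Ss])
		echo -n ' rpcbind'
		${portmap_program:-/usr/sbin/rpcbind} \
		    ${portmap_flags}

		# Start ypserv if we're an NIS server.
		# Run rpc.ypxfrd and rpc.yppasswdd only on the NIS master server.
		#
		case ${nis_server_enable} in
		[Yy][Ee][Ss])
			echo -n ' ypserv'
			ypserv ${nis_server_flags}

			case ${nis_ypxfrd_enable} in
			[Yy][Ee][Ss])
				echo -n ' rpc.ypxfrd'
				rpc.ypxfrd ${nis_ypxfrd_flags}
				;;
			esac

			case ${nis_yppasswdd_enable} in
			[Yy][Ee][Ss])
				echo -n ' rpc.yppasswdd'
				rpc.yppasswdd ${nis_yppasswdd_flags}
				;;
			esac
			;;
		esac

		# Start ypbind if we're an NIS client
		#
		case ${nis_client_enable} in
		[Yy][Ee][Ss])
			echo -n ' ypbind'
			ypbind ${nis_client_flags}
			case ${nis_ypset_enable} in
			[Yy][Ee][Ss])
				echo -n ' ypset'
				ypset ${nis_ypset_flags}
				;;
			esac
			;;
		esac

		# Start keyserv if we are running Secure RPC
		#
		case ${keyserv_enable} in
		[Yy][Ee][Ss])
			echo -n ' keyserv'
			keyserv ${keyserv_flags}
			;;
		esac

		# Start ypupdated if we are running Secure RPC
		# and we are NIS master
		#
		case ${rpc_ypupdated_enable} in
		[Yy][Ee][Ss])
			echo -n ' rpc.ypupdated'
			rpc.ypupdated
			;;
		esac
		;;
	esac

	# Start ATM daemons
	if [ -n "${atm_pass2_done}" ]; then
		atm_pass3
	fi

	echo '.'
	network_pass2_done=YES
}

# Third pass: NFS server/client pieces and amd (all gated on
# portmap_enable), rwhod, Kerberos, pppoed, and first-boot creation of
# the sshd host keys.  Sets network_pass3_done=YES at the end.
#
network_pass3() {
	echo -n 'Starting final network daemons:'

	case ${portmap_enable} in
	[Yy][Ee][Ss])
		case ${nfs_server_enable} in
		[Yy][Ee][Ss])
			if [ -r /etc/exports ]; then
				echo -n ' mountd'

				# weak_mountd_authentication appends -n to
				# whatever mountd_flags already holds.
				case ${weak_mountd_authentication} in
				[Yy][Ee][Ss])
					mountd_flags="${mountd_flags} -n"
					;;
				esac

				mountd ${mountd_flags}

				case ${nfs_reserved_port_only} in
				[Yy][Ee][Ss])
					echo -n ' NFS on reserved port only=YES'
					sysctl -w vfs.nfs.nfs_privport=1 > /dev/null
					;;
				esac

				echo -n ' nfsd'
				nfsd ${nfs_server_flags}

				if [ -n "${nfs_bufpackets}" ]; then
					sysctl -w vfs.nfs.bufpackets=${nfs_bufpackets} > /dev/null
				fi

				case ${rpc_lockd_enable} in
				[Yy][Ee][Ss])
					echo -n ' rpc.lockd'
					rpc.lockd
					;;
				esac

				case ${rpc_statd_enable} in
				[Yy][Ee][Ss])
					echo -n ' rpc.statd'
					rpc.statd
					;;
				esac
			fi
			;;
		*)
			case ${single_mountd_enable} in
			[Yy][Ee][Ss])
				if [ -r /etc/exports ]; then
					echo -n ' mountd'

					# NOTE(review): here -n replaces
					# mountd_flags, whereas the NFS
					# server branch appends it; any
					# other configured mountd flags
					# are dropped.  Confirm intended.
					case ${weak_mountd_authentication} in
					[Yy][Ee][Ss])
						mountd_flags="-n"
						;;
					esac

					mountd ${mountd_flags}
				fi
				;;
			esac
			;;
		esac

		case ${nfs_client_enable} in
		[Yy][Ee][Ss])
			echo -n ' nfsiod'
			nfsiod ${nfs_client_flags}
			if [ -n "${nfs_access_cache}" ]; then
				echo -n " NFS access cache time=${nfs_access_cache}"
				sysctl -w vfs.nfs.access_cache_timeout=${nfs_access_cache} >/dev/null
			fi
			;;
		esac

		# If /var/db/mounttab exists, some nfs-server has not been
		# successfully notified about a previous client shutdown.
		# If there is no /var/db/mounttab, we do nothing.
		if [ -f /var/db/mounttab ]; then
			rpc.umntall -k
		fi

		case ${amd_enable} in
		[Yy][Ee][Ss])
			echo -n ' amd'
			case ${amd_map_program} in
			[Nn][Oo] | '')
				;;
			*)
				# amd_map_program is executed through eval and
				# its output is appended to the amd arguments.
				amd_flags="${amd_flags} `eval ${amd_map_program}`"
				;;
			esac

			if [ -n "${amd_flags}" ]; then
				amd -p ${amd_flags} \
				    > /var/run/amd.pid 2> /dev/null
			else
				amd 2> /dev/null
			fi
			;;
		esac
		;;
	esac

	case ${rwhod_enable} in
	[Yy][Ee][Ss])
		echo -n ' rwhod'
		rwhod ${rwhod_flags}
		;;
	esac

	# Kerberos runs ONLY on the Kerberos server machine
	case ${kerberos_server_enable} in
	[Yy][Ee][Ss])
		case ${kerberos_stash} in
		[Yy][Ee][Ss])
			stash_flag=-n
			;;
		*)
			stash_flag=
			;;
		esac

		echo -n ' kerberos'
		kerberos ${stash_flag} >> /var/log/kerberos.log &

		case ${kadmind_server_enable} in
		[Yy][Ee][Ss])
			echo -n ' kadmind'
			# Started 20 seconds later from a detached subshell.
			(sleep 20; kadmind ${stash_flag} >/dev/null 2>&1 &) &
			;;
		esac
		unset stash_flag
		;;
	esac

	case ${pppoed_enable} in
	[Yy][Ee][Ss])
		if [ -n "${pppoed_provider}" ]; then
			pppoed_flags="${pppoed_flags} -p ${pppoed_provider}"
		fi
		echo -n ' pppoed'
		/usr/libexec/pppoed ${pppoed_flags} ${pppoed_interface}
		;;
	esac

	# Host keys are created only when the key file does not exist yet,
	# and with an empty passphrase (-N "").
	# NOTE(review): generation happens during boot; confirm the system
	# has gathered enough entropy by this point.
	case ${sshd_enable} in
	[Yy][Ee][Ss])
		if [ ! -f /etc/ssh/ssh_host_key ]; then
			echo ' creating ssh RSA host key'
			/usr/bin/ssh-keygen -N "" -f /etc/ssh/ssh_host_key
		fi
		if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then
			echo ' creating ssh DSA host key'
			/usr/bin/ssh-keygen -d -N "" -f /etc/ssh/ssh_host_dsa_key
		fi
		;;
	esac

	echo '.'
	network_pass3_done=YES
}

# Fourth pass: optional logging of connection attempts to ports with no
# listener.  Any log_in_vain value other than NO/empty turns on both the
# TCP and the UDP sysctl.  Sets network_pass4_done=YES at the end.
#
network_pass4() {
	echo -n 'Additional TCP options:'
	case ${log_in_vain} in
	[Nn][Oo] | '')
		;;
	*)
		echo -n ' log_in_vain=YES'
		sysctl -w net.inet.tcp.log_in_vain=1 >/dev/null
		sysctl -w net.inet.udp.log_in_vain=1 >/dev/null
		;;
	esac

	echo '.'
	network_pass4_done=YES
}

# Configure every interface listed in gif_interfaces with the peers
# taken from gifconfig_<ifn>; interfaces without such a variable are
# skipped.
#
network_gif_setup() {
	case ${gif_interfaces} in
	[Nn][Oo] | '')
		;;
	*)
		for i in ${gif_interfaces}; do
			eval peers=\$gifconfig_$i
			case ${peers} in
			'')
				continue
				;;
			*)
				gifconfig $i ${peers}
				;;
			esac
		done
		;;
	esac
}

# Translate a host.conf file into a one-line "hosts:" entry.
# Arguments: $1 - host.conf to read
#            $2 - nsswitch.conf to (over)write
# Each non-comment line is mapped to files, dns or nis; lines that match
# none of them produce a warning on stderr.  The sources are written in
# the order they appear in host.conf, because that order is the lookup
# order.
#
convert_host_conf() {
	host_conf=$1; shift
	nsswitch_conf=$1; shift
	# Comment and blank lines are skipped before keyword matching so
	# that a word inside an indented comment is not taken as a source.
	# The END loop walks the array by index: "for (i in array)" has no
	# defined order in awk.
	awk '
		BEGIN { n = 0 }
		/^[ \t]*#/ { next }
		/^[ \t]*$/ { next }
		/(hosts|local|file)/ { nsswitch[n++] = "files"; next }
		/(dns|bind)/ { nsswitch[n++] = "dns"; next }
		/nis/ { nsswitch[n++] = "nis"; next }
		{ printf "Warning: unrecognized line [%s]\n", $0 > "/dev/stderr" }
		END {
			printf "hosts: "
			for (i = 0; i < n; i++)
				printf "%s ", nsswitch[i]
			printf "\n"
		}' < "${host_conf}" > "${nsswitch_conf}"
}
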